
recurring viruses

Posted: 05 Nov 2019 17:23
by kaso
Hello,

Some time ago I noticed that I couldn't open Task Manager. I cleaned the PC with Malwarebytes and found about 50 viruses. 3 viruses were different and all the others were the same (see photo). I deleted the viruses and restarted the computer. Then I noticed that after deleting those viruses a lot of other things had been deleted too, and there were various programs I couldn't run and had to reinstall.
After a few days I had the viruses back (3 different and the rest the same) + it keeps showing me new viruses.

Can something be done about this, or does the PC need to be reinstalled?

Image

Thank you

Re: recurring viruses

Posted: 05 Nov 2019 17:51
by Rudy
Hello!
Post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: recurring viruses

Posted: 05 Nov 2019 18:56
by kaso

Re: recurring viruses

Posted: 05 Nov 2019 19:56
by Rudy
OK. Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: recurring viruses

Posted: 05 Nov 2019 20:55
by kaso

Re: recurring viruses

Posted: 05 Nov 2019 21:52
by Rudy
OK. Post new FRST+Addition logs.

Re: recurring viruses

Posted: 05 Nov 2019 23:36
by kaso
Now it didn't find any viruses anymore.

https://filebin.net/04vjvsiv2quqbutg

Re: recurring viruses

Posted: 06 Nov 2019 10:22
by Rudy
I didn't want the log from ADW, but FRST+Addition. We still have to finish cleaning the PC.

Re: recurring viruses

Posted: 07 Nov 2019 12:15
by kaso
I apologize for the late reply...

https://filebin.net/l41l1jgqqqcerry0

Re: recurring viruses

Posted: 07 Nov 2019 15:58
by Rudy
Open Notepad and copy this into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {69331490-6EC7-4897-BE41-1FCBA4CB9EAC} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {EACCE2F8-3574-49DB-A736-6C59FB36DBC1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
S3 esihdrv; \??\C:\Users\Patrik\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
C:\Program Files (x86)\dfsdfsdfsdfs
CustomCLSID: HKU\S-1-5-21-1122916192-3197536013-1366811968-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Patrik\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1122916192-3197536013-1366811968-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Patrik\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1122916192-3197536013-1366811968-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Patrik\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
AlternateDataStreams: C:\Users\Patrik\Data aplikací:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Patrik\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
FirewallRules: [{6D5D3965-C84D-4939-AB8F-518A29B31639}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F1CE634F-6ACC-44DD-940A-23BA3EE1BF20}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F0326EC7-9C07-45A2-9C36-D5F78D261CFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{607CDDEA-22CE-4F30-8742-59F87B1520BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{2002463B-81EC-4D23-BC83-40B9B5956538}] => (Allow) D:\Program Files (x86)\Battlefield 3\bf3.exe No File
FirewallRules: [{F25727F6-1390-49B9-8F82-00A93F4D5BE6}] => (Allow) D:\Program Files (x86)\Battlefield 3\bf3.exe No File
FirewallRules: [TCP Query User{15DB9E1B-4D71-491E-A9C7-2175B7C8A620}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{97D0AC71-A862-413C-B46A-DB24DDAAEBA5}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [{44071187-7111-4C0A-8D0A-81AA7672A46B}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [{A838B4CA-6B79-4CC7-AE3C-52414F279F73}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{C47BF6AB-CDB9-4C29-9B03-D8E266C00968}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0C88F2D3-7BC1-4920-9347-DDE9E57161EB}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [{E6E2C78C-43E7-4E75-B6BC-F281B2D9C689}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [{A9B2CCCB-3E83-4FE5-A782-CBB685C57467}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{22F8BCCF-ECE6-49AD-A5ED-3451A06F3FF5}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{1147E061-BE81-4AC1-A5A7-AC2B5BF1BE1A}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [{13A568DC-79F8-4DFA-AFAF-2B70E2680984}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [{ECCD8498-A4C5-4F93-84E0-1B5692E7F5D9}] => (Block) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{17FFD7F4-B823-4512-94C2-D0C408A660B2}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{66F3CF58-7814-44A4-AEDA-B6F6D349DD92}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{EC4A5C6F-907F-4EAB-B906-D101C2AF1F00}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D30971BB-3443-4D9E-892B-8C30AE21734F}D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\program files (x86)\riot\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [{56EB49E5-A2D4-4D96-AC50-2918A269751D}] => (Allow) C:\Users\Patrik\AppData\Local\Temp\3582-490\Steam.exe No File
FirewallRules: [{628CC777-F17E-4682-B6C1-8BF272794611}] => (Allow) C:\Users\Patrik\AppData\Local\Temp\3582-490\Steam.exe No File
FirewallRules: [{6373489D-F16D-484F-B3AD-9006EC6F008C}] => (Allow) C:\Users\Patrik\AppData\Local\Temp\3582-490\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{9D9F11A2-5A87-4CF2-B434-2BDD02EEC8C1}] => (Allow) C:\Users\Patrik\AppData\Local\Temp\3582-490\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{34AE17CE-33D2-4702-9B02-C99C2CFA9ECE}C:\users\patrik\appdata\local\temp\3582-490\javaw.exe] => (Allow) C:\users\patrik\appdata\local\temp\3582-490\javaw.exe No File
FirewallRules: [UDP Query User{B5A24568-DE51-461B-8989-FDB6265E09C4}C:\users\patrik\appdata\local\temp\3582-490\javaw.exe] => (Allow) C:\users\patrik\appdata\local\temp\3582-490\javaw.exe No File
FirewallRules: [{66A38F45-9360-4E04-864D-F1F6BA05AE85}] => (Block) C:\users\patrik\appdata\local\temp\3582-490\javaw.exe No File
FirewallRules: [{9C4D8953-DA87-4A92-AB5C-860634196E63}] => (Block) C:\users\patrik\appdata\local\temp\3582-490\javaw.exe No File

EmptyTemp:
End
Save it to F:\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: recurring viruses

Posted: 07 Nov 2019 22:27
by kaso
https://filebin.net/vpvi06l2essrn26s

I just found out that I have those viruses again... :cry:

Re: recurring viruses

Posted: 08 Nov 2019 10:37
by Rudy
Everything was deleted. I don't understand.

Re: recurring viruses

Posted: 08 Nov 2019 11:02
by JaRon
I'll jump in just this once:
uninstall Steam
+
restart the PC into safe mode and clean it with MBAM and CCleaner
+
restart
https://www.avg.com/en-ww/remove-win32-neshta

Re: recurring viruses

Posted: 08 Nov 2019 17:55
by kaso
Should I delete all the viruses? When I delete them, important program files get removed, so I will have to reinstall them.

Image

Re: recurring viruses

Posted: 08 Nov 2019 20:02
by rifteyy
Good day, first I want to apologize for posting here, but...
:roll: Reinstalling programs would be pointless for now; Neshta.A is a file infector, and until the infector is found, I would not reinstall anything if it were me. In, let's say, ESET's handbook there is an article on what Neshta creates.

%temp%\tmp5023.tmp
%windir%\directx.sys
%windir%\svchost.com (41472 B, Win32/Neshta.A)
Registry keys:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]

"(Default)" = "%windir%\svchost.com "%1" %*"

The uninfected files are reportedly located in %temp%\3582-490\%filename%. More at https://www.virusradar.com/en/Win32_Nes ... escription. :worship:
I hope I helped at least a little.
Thanks.
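
Added example, not part of any post in this thread: a small triage script that looks for the traces named in the last post (the %temp%\3582-490 folder, %windir%\svchost.com, and a changed exefile open command) in log lines. The function names are hypothetical, the firewall lines in the sample are copied from the fixlist earlier in the thread, the last sample line is constructed, and `"%1" %*` is the stock Windows value of that registry entry.

```python
import re

# Stock Windows value of HKCR\exefile\shell\open\command "(Default)".
CLEAN_EXEFILE_COMMAND = '"%1" %*'
# Traces named in the post: the %temp%\3582-490 folder and %windir%\svchost.com.
STAGING_DIR = re.compile(r"\\temp\\3582-490\\", re.IGNORECASE)
DROPPER = re.compile(r"\\svchost\.com\b", re.IGNORECASE)


def exefile_handler_hijacked(value):
    """True when the exefile open command differs from the stock value."""
    return value.strip() != CLEAN_EXEFILE_COMMAND


def triage(lines):
    """Return (line_no, reason) for each line that carries one of the traces."""
    hits = []
    for no, line in enumerate(lines, 1):
        if STAGING_DIR.search(line):
            hits.append((no, "path under %temp%\\3582-490"))
        elif DROPPER.search(line):
            hits.append((no, "reference to svchost.com"))
    return hits


# Lines 1-3 are copied from the fixlist in this thread; line 4 is constructed.
SAMPLE = [
    r"FirewallRules: [{6D5D3965-C84D-4939-AB8F-518A29B31639}] => (Allow) "
    r"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File",
    r"FirewallRules: [{56EB49E5-A2D4-4D96-AC50-2918A269751D}] => (Allow) "
    r"C:\Users\Patrik\AppData\Local\Temp\3582-490\Steam.exe No File",
    r"FirewallRules: [{66A38F45-9360-4E04-864D-F1F6BA05AE85}] => (Block) "
    r"C:\users\patrik\appdata\local\temp\3582-490\javaw.exe No File",
    r'exefile open command (Default) = C:\Windows\svchost.com "%1" %*',
]

if __name__ == "__main__":
    for no, reason in triage(SAMPLE):
        print(f"line {no}: {reason}")
    # The value quoted in the post, with %windir% expanded (constructed).
    print(exefile_handler_hijacked(r'C:\Windows\svchost.com "%1" %*'))
```
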